See: http://killmalware.com/giftsfortwo.co.uk/#
See: http://toolbar.netcraft.com/site_report?url=http://giftsfortwo.co.uk
Detected malicious PHP content
ISSUE DETECTED          DEFINITION      INFECTED URL
Defacement              MW:DEFACED:01   http://giftsfortwo.co.uk
Internal Server Error   500-error?v1    http://giftsfortwo.co.uk/404testpage4525d2fdc
Internal Server Error   500-error?v1    http://giftsfortwo.co.uk/404javascript.js
Defacement              MW:DEFACED:01   http://giftsfortwo.co.uk/404javascript.js
Web site defaced. Details: http://sucuri.net/malware/entry/MW:DEFACED:01
The webpage code: http://www.domxssscanner.com/scan?url=http%3A%2F%2F46.30.8.183%2Fcgi-sys%2Fdefaultwebpage.cgi (that actually should not be there/insecure info proliferation, but normally one should get an 11004 [11004] Valid name, no data record (check DNS setup) here).
Website Risk Status: http://toolbar.netcraft.com/site_report?url=http://46.30.8.183
SSL Cert: commonName=-srv01.www.gs2.exn.uk/organizationName=EX Networks Limited/stateOrProvinceName=England/countryName=GB (also has the cgi-sys/defaultwebpage.cgi in address).
Scripts should be run as account user, not as nobody.
SSLv2 supported. Cause probably PHP hack or Viewport Hack (https://gist.github.com/ambienttraffic/6cc5ea80ce5c2475c99a) or weak cgi.
The trouble with defacement hacks is that the hacker needs just one tiny wormhole to get access through, and the website code defense has to reckon with the full manual to secure the website.
The only way to avoid a mass defacement is to eliminate entry points that allow an intruder to upload code and execute it remotely. There is no single answer to this. It involves making sure all services are updated, and checking all scripts hosted on your server for vulnerabilities that may allow them to be exploited in this manner.
polonus (volunteer website security analyst and website error-hunter)